A data-in-use encryption layer for your relational database

Altering SQL on the fly

Prisma/DB works as a proxy between the client applications and the database servers. Neither side needs to be aware of the change; the proxy translates plaintext queries into encryption-aware equivalents on behalf of the application, and decrypts and validates the results from the DB before showing them to the client application.

Existing applications could be seamlessly switched over to work through Prisma/DB. Currently supported database systems include Microsoft SQL Server, MySQL, and MariaDB. PostgreSQL and Oracle are coming soon!

Security model

Prisma/DB assumes that it runs in a trusted environment and acts as a proxy to a database that runs in a completely untrusted environment. The encryption and decryption keys never leave the Prisma/DB proxy, and all data going to and from the database is completely encrypted.

Prisma/DB combines multiple industry-acclaimed encryption schemes, such as Paillier, ElGamal, and AES/Rijndael, among others, with encryption schemes designed specifically for this product and with specially developed communication protocols. Together, these make it possible to perform complex analytical and transactional operations over fully encrypted data.
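
Paillier, one of the schemes named above, is additively homomorphic, which is the property that lets an untrusted server aggregate values it cannot read. The following is an added illustration, not Prisma/DB's code (the page does not describe how the product uses each scheme): a toy Paillier implementation in which the key holder encrypts a column, the untrusted side computes a SUM over ciphertexts only, and the key holder decrypts the result. The names `ProxyKeys` and `untrusted_sum`, the demo primes, and the sample column are constructed for this example.

```python
import math
import secrets

# Constructed demo key: two small Mersenne primes. Far too small for real use.
P, Q = 2**31 - 1, 2**61 - 1


class ProxyKeys:
    """Key material that stays on the trusted (proxy) side. Hypothetical name."""

    def __init__(self, p=P, q=Q):
        self.n = p * q                         # public modulus
        self.n2 = self.n * self.n              # ciphertexts live mod n^2
        self._lam = (p - 1) * (q - 1)          # private
        self._mu = pow(self._lam, -1, self.n)  # private (Python 3.8+)

    def encrypt(self, m):
        # Fresh random r per value makes encryption probabilistic.
        while True:
            r = secrets.randbelow(self.n - 1) + 1
            if math.gcd(r, self.n) == 1:
                break
        # With g = n + 1, g^m mod n^2 equals 1 + m*n.
        return (1 + m * self.n) % self.n2 * pow(r, self.n, self.n2) % self.n2

    def decrypt(self, c):
        l_val = (pow(c, self._lam, self.n2) - 1) // self.n
        return l_val * self._mu % self.n


def untrusted_sum(ciphertexts, n2):
    """What the database side can do with ciphertexts and public n^2 only:
    multiplying Paillier ciphertexts adds the hidden plaintexts."""
    acc = 1
    for c in ciphertexts:
        acc = acc * c % n2
    return acc


def demo():
    keys = ProxyKeys()
    salaries = [52000, 61000, 48500]               # constructed sample column
    stored = [keys.encrypt(v) for v in salaries]   # what the untrusted DB holds
    enc_total = untrusted_sum(stored, keys.n2)     # computed without any key
    return keys.decrypt(enc_total), salaries, stored


if __name__ == "__main__":
    print("decrypted SUM:", demo()[0])
```

Paillier alone covers addition only; comparisons, joins and text search need other schemes, which is why a system of this kind combines several.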